Ch.

1
Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of
correspondence between the information and established criteria. Auditing should be done by a competent, independent
person.
To do any audit, there must be information in a verifiable form and some standards (criteria) by which the auditor can
evaluate the information.
Auditors routinely perform audits of quantifiable information, including companies financial statements and individuals
federal income tax returns. Auditors also audit more subjective information, such as the effectiveness of computer systems
and the efficiency of manufacturing operations.
Evidence is any information used by the auditor to determine whether the information being audited is stated in
accordance with the established criteria. Evidence takes many different forms, including:
Electronic and documentary data about transactions
Written and electronic communication with outsiders
Observations by the auditor
Oral testimony of the auditee (client)
The auditor must be qualified to understand the criteria used and must be competent to know the types and amount of
evidence to accumulate in order to reach the proper conclusion after examining the evidence. The auditor must also have
an independent mental attitude. The competence of those performing the audit is of little value if they are biased in the
accumulation and evaluation of evidence.
Auditors reporting on company financial statements are often called independent auditors. Even though such auditors are
paid fees by the company, they are normally sufficiently independent to conduct audits that can be relied on by users.
The final stage in the auditing process is preparing the audit report, which communicates the auditors findings to users.
Reports differ in nature, but all must inform readers of the degree of correspondence between the information audited and
established criteria.
--------------------------------------------------------------------------------------------------------------------------------------------------Accounting is the recording, classifying, and summarizing of economic events in a logical manner for the purpose of
providing financial information for decision making. To provide relevant information, accountants must have a thorough
understanding of the principles and rules that provide the basis for preparing the accounting information. In addition,
accountants must develop a system to make sure that the entitys economic events are properly recorded on a timely basis
and at a reasonable cost.
When auditing accounting data, auditors focus on determining whether recorded information properly reflects the
economic events that occurred during the accounting period. Because U.S. or international accounting standards provide
the criteria for evaluating whether the accounting information is properly recorded, auditors must thoroughly understand
those accounting standards. In addition to understanding accounting, the auditor must possess expertise in the
accumulation and interpretation of audit evidence. It is this expertise that distinguishes auditors from accountants.
--------------------------------------------------------------------------------------------------------------------------------------------------If the bank makes the loan, it will charge a rate of interest determined primarily by three factors:
1. Risk-free interest rate. This is approximately the rate the bank could earn by investing in U.S. treasury notes for
the same length of time as the business loan.
2. Business risk for the customer. This risk reflects the possibility that the business will not be able to repay its loan
because of economic or business conditions, such as a recession, poor management decisions, or unexpected
competition in the industry.
3. Information risk. Information risk reflects the possibility that the information upon which the business risk
decision was made was inaccurate. A likely cause of the information risk is the possibility of inaccurate financial
statements.

Auditing has no effect on either the risk-free interest rate or business risk, but it can have a significant effect on
information risk.
As society becomes more complex, decision makers are more likely to receive unreliable information. There are several
reasons for this: remoteness of information, biases and motives of the provider, voluminous data, and the existence of
complex exchange transactions.
1. Remoteness of Information. In a global economy, it is nearly impossible for a decision maker to have much
firsthand knowledge about the organization with which they do business.
2. Biases and Motives of the Provider. If information is provided by someone whose goals are inconsistent with
those of the decision maker, the information may be biased in favor of the provider.
3. Voluminous Data. As organizations become larger, so does the volume of their exchange transactions.
4. Complex Exchange Transactions. In the past few decades, exchange transactions between organizations have
become increasingly complex and therefore more difficult to record properly.
User Verifies Information. The user may go to the business premises to examine records and obtain information about the
reliability of the statements.
User Shares Information Risk with Management. There is considerable legal precedent indicating that management is
responsible for providing reliable information to users.
Audited Financial Statements. Are Provided The most common way for users to obtain reliable information is to have an
independent audit. Typically, management of a private company or the audit committee for a public company engages the
auditor to provide assurances to users that the financial statements are reliable.
--------------------------------------------------------------------------------------------------------------------------------------------------An assurance service is an independent professional service that improves the quality of information for decision makers.
Such services are valued because the assurance provider is independent and perceived as being unbiased with respect to
the information examined. Individuals who are responsible for making business decisions seek assurance services to help
improve the reliability and relevance of the information used as the basis for their decisions.
Assurance services can be done by CPAs or by a variety of other professionals.
For example, Consumers Union, a nonprofit organization, tests a wide variety of products used by consumers and reports
their evaluations of the quality of the products tested in Consumer Reports. The organization provides the information to
help consumers make intelligent decisions about the products they buy. Many consumers consider the information in
Consumer Reports more reliable than information provided by the product manufacturers because Consumers Union is
independent of the manufacturers.
CPAs have provided many assurance services for years, particularly assurances about historical financial statement
information. As a result of provisions in Section 404 of the SarbanesOxley Act, CPA firms provide assurance on internal
control over financial reporting for larger public companies.
One category of assurance services provided by CPAs is attestation services. An attestation service is a type of assurance
service in which the CPA firm issues a report about a subject matter or assertion that is made by another party. Primary
categories of attestation services include:

In an audit of historical financial statements, management asserts that the financial statements are fairly stated in
accordance with applicable U.S. or international accounting standards. An audit of these statements is a form of
attestation service in which the auditor issues a written report expressing an opinion about whether the financial

statements are fairly stated in accordance with the applicable accounting standards. These audits are the most
common assurance service provided by CPA firms

For an audit of internal control over financial reporting, management asserts that internal controls have been
developed and implemented following well established criteria. Section 404 of the SarbanesOxley Act requires
public companies to report managements assessment of the effectiveness of internal control. The Act also
requires auditors for larger public companies to attest to the effectiveness of internal control over financial
reporting.

For a review of historical financial statements, management asserts that the statements are fairly stated in
accordance with accounting standards, the same as for audits.

CPAs provide numerous other attestation services.

o For example, when a bank loans money to a company, the loan agreement may require the company to
engage a CPA to provide assurance about the companys compliance with the financial provisions of the
loan.
o Another type of attestation involves internal controls at service organizations. Many companies use a
third-party service provider to process some of their accounting activities, such as payroll, offsite at a
separate IT service center or through cloud computing. The service provider often engages an auditor to
provide an attestation report on the design and effectiveness of controls at the service organization.

CPAs also provide other assurance services that do not meet the definition of attestation services. These assurance services
differ from attestation services in that the CPA is not required to issue a written report, and the assurance does not have to
be about the reliability of another partys assertion about compliance with specified criteria. These other assurance service
engagements focus on improving the quality of information for decision makers, just like attestation services.
CPA firms perform numerous other services that generally fall outside the scope of assurance services. Three specific
examples are:
Accounting and bookkeeping services
Tax services
Management consulting services
Other Assurance Services Examples:
Other Assurance Services
Controls over and risks related to investments, including policies related
to derivatives
Mystery shopping
Assess risks of accumulation, distribution, and storage of digital
information
Fraud and illegal acts risk assessment
Organic ingredients
Compliance with entertainment royalty agreements
ISO 9000 certifications
Corporate responsibility and sustainability

Service Activities
Assess the processes in a companys investment practices to identify risks
and to determine the effectiveness of those processes
Perform anonymous shopping to assess sales personnel dealings with
customers and procedures they follow
Assess security risks and related controls over electronic data, including
the adequacy of backup and off-site storage
Develop fraud risk profiles, and assess the adequacy of company systems
and policies in preventing and detecting fraud and illegal acts
Provide assurance on the amount of organic ingredients included in a
companys products
Assess whether royalties paid to artists, authors, and others comply with
royalty agreements
Certify a companys compliance with ISO 9000 quality control standards,
which help ensure company products are of high quality
Report on whether the information in a companys corporate
responsibility report is consistent with company information and
established reporting criteria

--------------------------------------------------------------------------------------------------------------------------------------------------CPAs perform three primary types of audits.

Operational audit
Compliance audit
Financial statement audit

An operational audit evaluates the efficiency and effectiveness of any part of an organizations operating procedures and
methods. At the completion of an operational audit, management normally expects recommendations for improving
operations.
In operational auditing, the reviews are not limited to accounting. They can include the evaluation of
organizational structure, computer operations, production methods, marketing, and any other area in which the auditor is
qualified.
A compliance audit is conducted to determine whether the auditee is following specific procedures, rules, or regulations
set by some higher authority. Following are examples of compliance audits for a private business.
Results of compliance audits are typically reported to management, rather than outside users, because management is
the primary group concerned with the extent of compliance with prescribed procedures and regulations. Therefore, a
significant portion of work of this type is often done by auditors employed by the organizational units.
A financial statement audit is conducted to determine whether the financial statements (the information being verified) are
stated in accordance with specified criteria. Normally, the criteria are U.S. or international accounting standards, although
auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting
appropriate for the organization. In determining whether financial statements are fairly stated in accordance with
accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other
misstatements.
--------------------------------------------------------------------------------------------------------------------------------------------------Several types of auditors are in practice today. The most common are certified public accounting firms, government
accountability office auditors, internal revenue agents, and internal auditors.
Certified public accounting firms are responsible for auditing the historical financial statements of all publicly traded
companies, most other reasonably large companies, and many smaller companies and noncommercial organizations.
A government accountability office auditor is an auditor working for the U.S. Government Accountability Office (GAO),
a nonpartisan agency in the legislative branch of the federal government.The GAOs primary responsibility is to perform
the audit function for Congress, and it has many of the same audit responsibilities as a CPA firm. The GAO audits much
of the financial information prepared by various federal government agencies before it is submitted to Congress.
The IRS, under the direction of the Commissioner of Internal Revenue, is responsible for enforcing the federal tax laws as
they have been defined by Congress and interpreted by the courts. A major responsibility of the IRS is to audit taxpayers
returns to determine whether they have complied with the tax laws. These audits are solely compliance audits. The
auditors who perform these examinations are called internal revenue agents.
Internal auditors are employed by all types of organizations to audit for management with oversight by the board of
directors, much as the GAO does for Congress. Internal auditors responsibilities vary considerably, depending on the
employer. Some internal audit staffs consist of only one or two employees doing routine compliance auditing. Other
internal audit staffs may have more than 100 employees who have diverse responsibilities, including many outside the
accounting area. Many internal auditors are involved in operational auditing or have expertise in evaluating computer
systems.
---------------------------------------------------------------------------------------------------------------------------------------------------

Terms:
Accountingthe recording, classifying, and
summarizing of economic events in a logical
manner for the purpose of providing financial
information for decision making
Assurance servicean independent
professional service that improves the quality of
information for decision makers

Evidenceany information used by the auditor

to determine whether the information being
audited is stated in accordance with established
criteria
Financial statement auditan audit conducted
to determine whether the overall financial
statements of an entity are stated in accordance
with specified criteria (usually U.S. or
international accounting standards)

Attestation servicea type of assurance service

in which the CPA firm issues a report about a
subject matter or assertion that is the
responsibility of another party

Government accountability office auditoran

auditor working for the U.S. Government
Accountability Office (GAO); the GAO reports
to and is responsible solely to Congress

Audit of historical financial statementsa form

of attestation service in which the auditor issues
a written report stating whether the financial
statements are in material conformity with
accounting standards
Audit reportthe communication of audit
findings to users

Independent auditorscertified public

accountants or accounting firms that perform
audits of commercial and noncommercial
entities

Auditingthe accumulation and evaluation of

evidence about information to determine and
report on the degree of correspondence between
the information and established criteria
Certified public accountanta person who has
met state regulatory requirements, including
passing the Uniform CPA Examination, and has
thus been certified; a CPA may have as his or
her primary responsibility the performance of
the audit function on historical financial
statements of commercial and noncommercial
financial entities
Compliance audit(1) a review of an
organizations financial records performed to
determine whether the organization is following
specific procedures, rules, or regulations set by
some higher authority; (2) an audit performed
to determine whether an entity that receives
financial assistance from the federal
government has complied with specific laws
and regulations

Information riskthe risk that information

upon which a business decision is made is
inaccurate
Internal auditorsauditors employed by a
company to audit for the companys board of
directors and management
Internal control over financial reportingan
engagement in which the auditor reports on the
effectiveness of internal control over financial
reporting; such reports are required for
accelerated filer public companies under
Section 404 of the SarbanesOxley Act
Internal revenue agents auditors who work
for the Internal Revenue Service (IRS) and
conduct examinations of taxpayers returns

Operational audit a review of any part of an

organizations operating procedures and
methods for the purpose o
Review of historical financial statementsa
form of attestation in which a CPA firm issues a
written report that provides less assurance than
an audit as to whether the financial statements
are in material conformity with accounting
standards
SarbanesOxley Acta federal securities law
passed in 2002 that provides for additional
regulation of public companies and their
auditors; the Act established the Public
Company Accounting Oversight Board and also
requires auditors of larger public companies to
audit the effectiveness of internal control over
financial reporting